[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference turris::digital_unix

Title:DIGITAL UNIX(FORMERLY KNOWN AS DEC OSF/1)
Notice:Welcome to the Digital UNIX Conference
Moderator:SMURF::DENHAM
Created:Thu Mar 16 1995
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:10068
Total number of notes:35879

9428.0. "c2 : console and tty locked ... help" by NETRIX::"[email protected]" (thierry FAIDHERBE) Tue Apr 08 1997 12:12

Hi,

OSF 3.2g / C2 enhanced security

customer opened a call because all ttys and console are locked 
by c2-enhanced security under OSF 3.2g

I tryed some thing for example a mv /etc/auth/system/.proto..ttys to
 /etc/auth/system/ttys and tryed to reboot but problem seems to be se 
same : user receive always that term/tty is lock and invalid logging.

can somebody have a workaroung to try to unlock copnsole and ttys and to 
solve these problem ... ?

Thanks,
Thierry
[Posted by WWW Notes gateway]
T.RTitleUserPersonal
Name		DateLines
9428.1NETRIX::"[email protected]"Ann MajeskeWed Apr 09 1997 17:4243
Thierry,

You haven't given enough information for anyone to know why the
customer can't log in.

First, I suggest that you read the section in the Security manual on the 
protected password database, the default database, and the ttys database.  
Also read the man pages for prpasswd(4), default(4), ttys(4), and authcap(4),
so you have a better idea of what is going on.

Then, get the answers to the following questions.  You may be able to
debug this problem yourself.

What error message is the customer getting when he tries to log in to 
console?  (exact text of message)

Does the customer have a graphics console?

What error message is the customer getting when he tries to log in to
other terminals?  (exact text of message)

Does he get the same message for root as he does for other users?

Did this happen when he changed from Base to Enhanced security?

Have logins ever worked for the customer while running Enhanced Security?
If yes, what did he change to make it stop working?

What do the entries in the ttys file look like?

What is the contents of the default file?

Note that there are at least 2 combinations of items in the ttys file 
and default file that can cause the ttys to be locked.  A terminal is
locked if t_failures exceeds the value of t_maxtries (if there is not a 
t_maxtries item in the ttys entry, check the default file).  A terminal
is locked if the t_lock item is set.

There are also combinations of items in the prpasswd database and the
default file that cause individual accounts to be locked, but in this
case the message will be that the account is locked, not the tty.

[Posted by WWW Notes gateway]
9428.2Solved .... NNTPD::"[email protected]"Thierry FAIDHERBEWed Apr 16 1997 06:5140
Hi ,

Happy to let you know that my prob is solved.
Will add command summary that I used to solve prob.

Thanks,
Thierry

Config: Digital Unix v3.2G and C2 enhanced
security, now root password did not work.

So:

To change root passwd:
>> b -fl s (to single user mode)
#mount -u /
#cd /tcb/files/auth/r
#mv root root.old_root
#cp ..proto.root root
#init 3

Now root login will not require password.
================================================

Now getting messages "Terminal is disabled" message, it appears
console login device is locked due to too many login failure attemps.

To fix it:
boot to single user mode.
#/sbin/bcheckrc
#mv /etc/auth/system/ttys /etc/auth/system/ttys.old_ttys
#cp /etc/auth/system/..proto.ttys /etc/auth/system/ttys

He can now login as root and change the password.

Once logged as root, use XIsso tools to unlock other ttys and/or users
accounts


[Posted by WWW Notes gateway]